Flooding and Denial of Service Prevention

You can configure EFT Server to automatically ban IP addresses that may potentially be associated with a DoS (Denial of Service) attack. The Server monitors connection patterns, tracks each user's activity density, and then bans IP addresses with unnaturally dense activity.

Banning an IP address temporarily protects EFT Server from attacks. If EFT Server is correct and a temporarily banned IP address was the source of an attack, EFT Server will not be harmed by the attempted attack. EFT Server's resources will remain free or minimally burdened, instead of being completely bogged down by the attacking IP address. If you select to temporarily ban IP addresses, the IP address's access to EFT Server is restricted for a minute or two, based on the EFT Server security setting you select using the slider bar. Choosing to ban users temporarily means that if EFT Server identifies an ordinary but very active user as a threat, the user will soon be able to reconnect to the Site. When you ban IP addresses temporarily, the level of security you set for the slider indicates both the number of seconds the user can attempt to occupy all of EFT Server's resources before being banned and the number of seconds the user is banned. The higher the security, the less time before the user is banned and the longer the user remains banned.

If you elect to permanently ban the IP addresses of users whose activity fits the pattern of an attack, those users are immediately banned when they exceed the number of connections allowed for your security level. If EFT Server has banned a user whom you want to allow access, you will need to modify the TCP/IP Access Restrictions list to allow access.

To activate Auto-ban

1. In EFT Administrator, connect to EFT Server and click the Server tab.

2. In the left pane, click the Site you want to configure.

3. In the right pane, click the IP Access tab.

4. In the Auto Ban Connection Flood Sensitivity area, specify a sensitivity level using the slider bar.

If you set the slider to Off, Very Low, or Low on an HS-PCI-enabled Site, a message appears to warn you that this setting violates PCI DSS requirement 2.2.3, and allows you to continue with reason or choose a different setting.

5. Click a ban period:

• Ban IPs for time period proportional to sensitivity (higher = longer)

• Ban IPs permanently (add to TCP/IP access restrictions list)

6. Click Apply to save the changes on EFT Server.

Related Topics

Disconnecting Users